The internet was rocked by a very public breach on Twitter during July in which dozens of celebrity accounts were compromised. The hacked accounts announced all at once that they’d double “donations” made to their personal bitcoin account, which in reality was a cryptocurrency scheme. As more details emerged, we learned that the cybercriminals behind the attack used a variety of tactics to exploit insiders, obtaining access to user credentials within Twitter’s network.
Unfortunately, what happened to Twitter can happen to anyone. The highly publicized Twitter attack played out on the big stage in the public eye, but insiders cause damage every day. In fact, the 2020 Ponemon Cost of Insider Threats Report found that the frequency of insider threats increased by 47 percent over the last year. Every time an employee leaves a company, employers are at risk of losing critical data and intellectual property. This potentially damaging loss can happen very quickly, and in most cases goes undetected.
Now that the vast majority of office employees are working remotely, companies should focus more on monitoring for insider threats. Start by monitoring all user traffic on the corporate network. The data gathered by traffic and security monitoring can reveal security vulnerabilities, help troubleshoot network issues and show the impact users have on the network.
Here are my top five tips for security pros looking to monitor for malicious user behavior in a climate where users are operating outside the protective walls of the corporate network:
- Require cybersecurity awareness training. Make sure employees have basic cybersecurity knowledge. Employees are the first line of defense for any organization. We always encourage organizations to train staff frequently on their role in defending the enterprise, what threats to look for and what behaviors to avoid. With the dramatic change in how we work, companies should increase training frequency so cybersecurity remains top of mind. Employees should know how to spot phishing emails, avoid use of public Wi-Fi networks, ensure home Wi-Fi routers are sufficiently secured and verify the security of the devices they use to get work done.
- Avoid public Wi-Fi. A lot of people like to work in public outdoor spaces near coffee shops and use public Wi-Fi, especially now that places are reopening. If employees want to work in public places, require them to use VPNs so IT can monitor for any malicious activity. Public hotspots are breeding grounds for hackers looking to exploit openings into corporate networks.
- Double-down on endpoint protection. A firewall can help, but most employees are now working from home behind a consumer DSL or cable modem, so it is inevitable that some attacks will get through. Efficient endpoint protection platforms (EPPs) act as the next line of defense by detecting and blocking known threats. EPPs also let security teams keep up with all the applications that are running on the network. Furthermore, if the company has an MSSP, using endpoint protection software lets the MSSP actively respond to potential malware and ransomware issues.
- Stay up-to-date on patch management. We see massive breaches time and time again in which attackers gain a foothold by exploiting an old vulnerability. That’s what happened in the Equifax breach. Avoid this by keeping all software and hardware up-to-date. Security teams also need to install and enable security protection on all work devices. This includes personal devices used to access collaboration tools, email and any other business applications. In many cases, software updates can run automatically during downtime. This gives CISOs peace of mind since they don’t have to worry about potential risks occurring because software updates were not done.
- Proactively manage remote desktop tools. The pandemic has forced many organizations into a remote work environment and some companies have opted to loosen security controls to support this new model. With this shift, new remote desktop protocol (RDP) tools have been deployed that introduce exposures attackers can exploit. Companies that want to use remote desktop tools should check out this list of top providers. Once the organization implements a tool, it should actively monitor those remote desktop sessions for suspicious behavior.
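To make the last tip concrete, here is an added example (not from the original article or from Nuspire) of the kind of detection logic a security team can run over remote desktop logon records. It assumes Windows Security log events reduced to a few fields, a 07:00-19:59 business-hours window and a failure threshold of five; the log records themselves are constructed sample data, not real logs.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of Windows Security log records, reduced to the fields
# that matter for remote desktop logons. Event 4624 = successful logon,
# 4625 = failed logon; logon type 10 = RemoteInteractive (RDP). Not real data.
EVENTS = [
    ("2020-08-03 09:12:04", 4624, 10, "alice", "203.0.113.7"),
    ("2020-08-03 09:15:40", 4624, 2,  "carol", "10.0.0.12"),  # console logon, ignored
    ("2020-08-03 02:40:01", 4625, 10, "bob",   "198.51.100.23"),
    ("2020-08-03 02:41:10", 4624, 10, "bob",   "198.51.100.23"),
    ("2020-08-03 11:01:05", 4625, 10, "admin", "192.0.2.55"),
    ("2020-08-03 11:01:09", 4625, 10, "admin", "192.0.2.55"),
    ("2020-08-03 11:01:14", 4625, 10, "admin", "192.0.2.55"),
    ("2020-08-03 11:01:20", 4625, 10, "admin", "192.0.2.55"),
    ("2020-08-03 11:01:27", 4625, 10, "admin", "192.0.2.55"),
    ("2020-08-03 11:05:33", 4624, 10, "admin", "192.0.2.55"),
]

BUSINESS_HOURS = range(7, 20)  # 07:00-19:59, an assumed policy window
FAIL_THRESHOLD = 5             # failures from one source before it is flagged


def rdp_findings(events, hours=BUSINESS_HOURS, fail_threshold=FAIL_THRESHOLD):
    """Return sorted (rule, detail) tuples for suspicious RDP logon activity."""
    failures = defaultdict(int)
    successes = []
    for time, event_id, logon_type, user, src in events:
        if logon_type != 10:           # only RemoteInteractive (RDP) logons
            continue
        if event_id == 4625:
            failures[src] += 1
        elif event_id == 4624:
            successes.append((time, user, src))

    findings = []
    noisy = {src for src, n in failures.items() if n >= fail_threshold}
    for src in noisy:
        findings.append(("rdp_bruteforce", f"{failures[src]} failed logons from {src}"))
    for time, user, src in successes:
        detail = f"{user} from {src} at {time}"
        hour = datetime.strptime(time, "%Y-%m-%d %H:%M:%S").hour
        if hour not in hours:          # logon outside the policy window
            findings.append(("after_hours_logon", detail))
        if src in noisy:               # success following a failure burst
            findings.append(("success_after_failures", detail))
    return sorted(findings)
```

Calling `rdp_findings(EVENTS)` on the sample flags bob's 02:41 logon as after-hours and the admin account's source for a failure burst followed by a success; alice's daytime logon and carol's console logon produce nothing.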
Remote work won’t go away any time soon. Even as offices reopen, many fewer people will work in the office compared to before the pandemic. However, security teams cannot afford to loosen up on security, especially when a solid portion of attacks are carried out by those assumed to be trusted insiders.
As companies evaluate budgets for 2021, organizations should take a look at their tech stack. Introducing new tools to old infrastructure will not make the company more secure. Rather, consider integrating and optimizing the company’s existing tech stack and then augment visibility gaps with next-generation products and services architected with security in mind. This will let more security teams and business managers monitor their work-from-home environment for malicious behavior and even deliver some much-needed peace of mind.
John Ayers, chief strategy product officer, Nuspire